abdulbaki aydın

baki [at] cs [.] ucsb [.] edu

Hi, I am a fifth year Ph.D. student in Computer Science department at University of California, Santa Barbara (UCSB). I am a member of Verification Lab where I am being advised by Prof. Tevfik Bultan.

I recently work on designing and implementing algorithms and building tools for software side channel analysis as part of the project that is funded by The Space/Time Analysis for Cybersecurity (STAC) program of DARPA. My current work spans research topics such as model counting, constraint solving, symbolic execution, and software security. Previously, I worked on analysis of web applications (JS, PHP) using automata based symbolic string execution techniques to automatically find and fix security related vulnerabilities. I worked on privacy threat detection and prevention on mobile platforms using dynamic analysis techniques (Android).

Other than research and development, I enjoy playing soccer, surfing (need more practice), traveling around, and exploring new places with my wife Yasemin.

Learn about my research interests

My Research Interests

to improve software dependability, software security, and developer productivity.

Model Counting and Constraint Solving

for vulnerability analysis on modern applications

Program Analysis (Static/Dynamic)

software side channel analysis, string analysis, complexity analysis

Automated Verification and Testing

bug discovery/fixing, test case generation, software security

Programming Languages and Compilers

optimizations, execution environments, domain specific languages

Publications

  • ISSTAC: Integrated Symbolic Execution for Space-Time Analysis of Code

    Daniel Balasubramanian, Kasper Luckow, Corina Pasareanu, Abdulbaki Aydin, Lucas Bang, Tevfik Bultan, Miroslav Gavrilov, Temesghen Kahsai, Rody Kersten, Dmitriy Kostyuchenko, Quoc-Sang Phan, Zhenkai Zhang, Gabor Karsai

    In submission to The 39th International Conference on Software Engineering (ICSE 2017).

  • String Analysis for Side Channels with Segmented Oracles

    Lucas Bang, Abdulbaki Aydin, Quoc-Sang Phan, Corina S. Pasareanu, Tevfik Bultan

    The 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2016), Seattle, Washington, USA, November 13-18, 2016.

  • Automata-based Model Counting for String Constraints (Project Web Page)

    Abdulbaki Aydin, Lucas Bang, Tevfik Bultan

    Proceedings of the 27th International Conference on Computer Aided Verification, Part 1 (CAV 2015), pages 255-272, San Francisco, California, USA, July 18-24, 2015.

  • Automatically Computing Path Complexity of Programs (Project Web Page)

    Lucas Bang, Abdulbaki Aydin, Tevfik Bultan

    Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015), pages 61-72, Bergamo, Italy, Sep 02-04, 2015.

  • Semantic Differential Repair for Input Validation and Sanitization (Project Web Page)

    Muath Alkhalaf, Abdulbaki Aydin, Tevfik Bultan

    Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 225-236, San Jose, California, USA, July 21-25, 2014.

  • Automated Test Generation from Vulnerability Signatures

    Abdulbaki Aydin, Muath Alkhalaf, Tevfik Bultan

    Proceedings of the 7th International Conference on Software Testing, Verification and Validation (ICST 2014), pages 193-202, Cleveland, Ohio, USA, March 31-April 4, 2014.

Tutorials

  • String Analysis for Vulnerability Detection and Repair

    Tevfik Bultan, Abdulbaki Aydin, Lucas Bang

    The 37th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI 2016), Santa Barbara, CA, USA, June 13-17, 2016.

Workshops

  • Automated Test Generation from Vulnerability Signatures *Best paper award receiver

    Abdulbaki Aydin, Muath Alkhalaf, Tevfik Bultan

    Graduate Student Workshop (GSWC 2014), Santa Barbara, CA, USA, Oct 10, 2014.

Projects and Tools

ABC
Automata Based model Counter

ABC is an automata-based model counting constraint solver. It is the only model counter that supports string theory and linear integer arithmetic theory simultaneously. ABC has many applications, including but not limited to, probabilistic symbolic execution, quantitative information flow analysis, test case generation, automated repair, vulnerability analysis, string analysis. Please see our CAV'15 publication for theoretical details. Currently, we are writing a paper about improvements and additions to ABC.

PAC
PAth Complexity analyzer

PAC analyzes your code and extracts a theoretical bound on worst case path complexity of your code. There is an online demo available! (Online demo will be back after system upgrade). PAC currently supports analysis of Java programs and can be extended to any programming language. Please see our ESEC/FSE'15 publication for theoretical details. We are working on improving PAC with inter-procedural analysis.

SemRep
Semantic Differential Repair

SemRep analyzes and repairs validation and sanitization functions against each other. The tool does not need any manual specification or intervention. It takes two functions as Dependency Graphs then it looks for differences in validation and sanitization operations for string variables. If a difference is found, the tool suggests a set of three patch functions that can be used to fix the difference. Please see our ISSTA'14 publication for theoretical details.

Resume

Education
  • Ph.D. Computer Science, University of California Santa Barbara, CA, USA 3.87/4.00 - Dec. 2016 (expected)
    • Advanced Topics in Security (CMPSC 279)
    • Scalable Internet Services (CMPSC 290B)
    • Advanced Computer Architecture (CMPSC 254)
    • Database Systems (CMPSC 274)
    • Modern Programming Languages and Their Implementations (CMPSC 263)
    • Automated Verification (CMPSC 267)
    • Software Engineering (CMPSC 272)
    • Formal Modals for Web Software (CMPSC 290C)
  • B.S. Computer Engineering, Fatih University, Istanbul, Turkey 3.97/4.00 - July 2009
  • B.S. Electric-Electronics Engineering, Fatih University, Istanbul, Turkey (double major) - July 2009
Professional Experience
  • Research Assistant, Verification Lab., University of California Santa Barbara Sep. 2012 - Present
    I am a member of Verification Lab where I am being advised by Prof. Tevfik Bultan. I recently work on designing and implementing algorithms and building tools for software side channel analysis as part of the project that is funded by The Space/Time Analysis for Cybersecurity (STAC) program of DARPA. My current work spans research topics such as model counting, constraint solving, symbolic execution, and software security. Previously, I worked on topics such as vulnerability analysis of web applications, automated code repair, automated testing and privacy threat detection/prevention on mobile platforms.
  • Research Intern, IBM T.J. Watson Research Center June 2014 - Sep 2014
    My research at IBM aims to provide a user-friendly fine-grained permission control on privacy sensitive data usages which prevents undesired data usages on mobile platforms. It can be summarized in three main phase: (1) identification of privacy sensitive data usages, (2) fine-grained configuration of privacy sensitive data usages via a user-friendly interface, (3) enforcement of fine-grained configurations without any degradation of application functionality.
  • Software Consultant, SecureDocs, Inc (Part-time) 2014 - 2015
    Experience: Test Driven Development, BackboneJS, Ruby on Rails
    Software development for SecureDocs and ContractWorks.
  • Software Engineering Intern, Appfolio, Inc June 2013 - Sep 2013
    Experience: Test Driven Development, Pair Programming, Scrum, Agile Development
    Developed new software components and made improvements for a secure virtual data room solution called SecureDocs. Used BackboneJS for client side development and Ruby on Rails for server side development.
  • Teaching Assistant, University of California Santa Barbara Fall'11, Winter'12, Spring'12, Winter'13
    • Data Structures and Algorithms (CMPSC 130A)
    • Translation of Programming Languages (CMPSC 160) * Outstanding Teaching Assistant award received
    • Introduction to Cryptography (CMPSC 178)
  • Software Developer, Hewlett-Packard July 2009 - August 2011
    Developed several software components using various programming languages and technologies. (ActionScript, PHP, C#, Java, XSLT, Web Services...)
Honors & Awards
  • Best Paper Award, Graduate Student Workshop (GSWC 2014) 2014, USA
  • Outstanding Teaching Assistant, University of California Santa Barbara Winter 2013, USA
  • High Honor, Fatih University 2004 - 2009, Turkey
  • First Double Major Graduate (Electric-Electronics Engineering), Fatih University July 2009, Turkey
  • Ranked in first 100 among 1.5 million students in the National University Entrance Exam 2006, Turkey
  • Ranked as 253rd among 1.5 million students in the National University Entrance Exam 2004, Turkey
Computer Skills
  • C, C++, Java, PHP, JavaScript, Ruby, Python
  • MVC frameworks; Backbone, Ruby on Rails
  • XML, HTML, CSS, XSLT, SQL
  • Linux, Windows
  • Knowledge on program analysis tools, verification tools and languages
Language Skills
  • Turkish - Mother tongue
  • English - Advanced
  • Spanish - Basic


Personal Skills
  • Self-motivated and have self-learning skills
  • Ability to work in a fast paced and dynamic environment
  • Passion to continuously learn and improve
Interests
  • Playing soccer, Surfing, Ping-pong
  • Traveling, Nature
  • Reading history and biography
* References available upon request

baki [at] cs [.] ucsb [.] edu